diff options
| author | Steven Barth <steven@midlink.org> | 2008-06-28 16:03:54 +0000 |
|---|---|---|
| committer | Steven Barth <steven@midlink.org> | 2008-06-28 16:03:54 +0000 |
| commit | 00aceaf624d8e5da2a8f3df161d52599aae2ac41 (patch) | |
| tree | c18d8c411f8d4a02762a478348fd8a86b4f56f5a /libs/web/luasrc/dispatcher.lua | |
| parent | 7f56bf947599b20e2cf50018e160e602d5516e5f (diff) | |
* libs/web: Switched from HTTP-Basic-Auth to Session-Auth
* Updated Makefiles for better testing environment integration
* Fixed libs/sgi-luci
Diffstat (limited to 'libs/web/luasrc/dispatcher.lua')
| -rw-r--r-- | libs/web/luasrc/dispatcher.lua | 77 |
1 files changed, 40 insertions, 37 deletions
diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua index 5bf3fc1d6f..989eb44021 100644 --- a/libs/web/luasrc/dispatcher.lua +++ b/libs/web/luasrc/dispatcher.lua @@ -43,18 +43,6 @@ function build_url(...) return luci.http.getenv("SCRIPT_NAME") .. "/" .. table.concat(arg, "/") end --- Prints an error message or renders the "error401" template if available -function error401(message) - message = message or "Unauthorized" - - require("luci.template") - if not luci.util.copcall(luci.template.render, "error401") then - luci.http.prepare_content("text/plain") - luci.http.write(message) - end - return false -end - -- Sends a 404 error code and renders the "error404" template if available function error404(message) luci.http.status(404, "Not Found") @@ -80,6 +68,25 @@ function error500(message) return false end +-- Renders an authorization form +function sysauth(default) + local user = luci.http.formvalue("username") + local pass = luci.http.formvalue("password") + + if user and luci.sys.user.checkpasswd(user, pass) then + local sid = luci.sys.uniqueid(16) + luci.http.header("Set-Cookie", "sysauth=" .. sid) + luci.sauth.write(sid, user) + return true + else + require("luci.i18n") + require("luci.template") + context.path = {} + luci.template.render("sysauth", {duser=default, fuser=user}) + return false + end +end + -- Creates a request object for dispatching function httpdispatch(request) luci.http.context.request = request @@ -119,34 +126,9 @@ function dispatch(request) end end - if track.sysauth then - local accs = track.sysauth - accs = (type(accs) == "string") and {accs} or accs - - --[[ - local function sysauth(user, password) - return (luci.util.contains(accs, user) - and luci.sys.user.checkpasswd(user, password)) - end - - if not luci.http.basic_auth(sysauth) then - error401() - return - end - ]]-- - end - if track.i18n then require("luci.i18n").loadc(track.i18n) end - - if track.setgroup then - luci.sys.process.setgroup(track.setgroup) - end - - if track.setuser then - luci.sys.process.setuser(track.setuser) - end -- Init template engine local tpl = require("luci.template") @@ -159,6 +141,27 @@ function dispatch(request) viewns.resource = luci.config.main.resourcebase viewns.REQUEST_URI = luci.http.getenv("SCRIPT_NAME") .. (luci.http.getenv("PATH_INFO") or "") + if track.sysauth then + require("luci.sauth") + local def = (type(track.sysauth) == "string") and track.sysauth + local accs = def and {track.sysauth} or track.sysauth + local user = luci.sauth.read(luci.http.getcookie("sysauth")) + + + if not luci.util.contains(accs, user) then + if not sysauth(def) then + return + end + end + end + + if track.setgroup then + luci.sys.process.setgroup(track.setgroup) + end + + if track.setuser then + luci.sys.process.setuser(track.setuser) + end if c and type(c.target) == "function" then context.dispatched = c |